- (Topic 4)
During a security incident on an IaaS platform, which of the following actions will a systems administrator most likely take as part of the containment procedure?
Correct Answer:
B
Adding a deny rule to the network ACL is a common containment action for a security incident on an IaaS platform: it cuts the affected instance (or its subnet) off from the rest of the network and stops further compromise or data exfiltration. Connecting to an instance for triage, mirroring its traffic for a packet capture, and acquiring memory belong to the analysis and evidence-collection phases, not to containment.
References: CompTIA Cloud+ CV0-003 Exam Objectives, Objective 4.2: Given a scenario, apply security configurations and compliance controls; Cloud Security Mitigation | Cloud Computing | CompTIA
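The detail that decides whether the deny rule actually contains anything is rule ordering. The model below is an added example, not vendor code or part of the exam material: it assumes AWS-style network ACL semantics (rules evaluated in ascending rule-number order, first match wins, an implicit final "*" rule denies), models a single egress direction in which the rule CIDR is the destination, and uses constructed rule sets and addresses. It shows that a deny numbered after an existing allow never fires for the traffic that allow already matches, and that the containment deny must be numbered below every allow. Because a network ACL is subnet-scoped and stateless, the deny affects every instance in that subnet and blocks return traffic as well.

```python
"""Ordered network ACL evaluation, modelled on AWS-style NACL semantics:
rules are checked in ascending rule-number order, the first match wins,
and an implicit final rule ('*') denies anything unmatched. Constructed
example for the containment question above; not vendor code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    number: int
    action: str            # "allow" or "deny"
    protocol: str          # "tcp", "udp", "icmp", or "-1" for all protocols
    cidr: str              # destination CIDR for an egress rule (assumption)
    port_from: int = 0
    port_to: int = 65535

    def matches(self, proto: str, addr: str, port: int) -> bool:
        if self.protocol != "-1" and self.protocol != proto:
            return False
        if ip_address(addr) not in ip_network(self.cidr):
            return False
        return self.port_from <= port <= self.port_to


def evaluate(rules, proto, addr, port):
    """Return (action, rule_number) of the first matching rule in ascending
    number order, or ("deny", "*") for the implicit default rule."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, addr, port):
            return rule.action, rule.number
    return "deny", "*"


def add_containment_deny(rules, cidr="0.0.0.0/0"):
    """Containment: add an all-protocol deny for `cidr` numbered below the
    lowest existing rule, so it is evaluated before any allow rule."""
    lowest = min((r.number for r in rules), default=100)
    deny = Rule(number=max(1, lowest - 10), action="deny", protocol="-1", cidr=cidr)
    return rules + [deny]


def demo():
    # Constructed egress rule set: HTTPS to anywhere, anything inside the VPC.
    rules = [
        Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443),
        Rule(110, "allow", "-1", "10.0.0.0/16"),
    ]
    before = evaluate(rules, "tcp", "203.0.113.5", 443)           # ("allow", 100)

    # Common mistake: a deny numbered *after* the allow is never reached
    # for traffic that the allow already matched.
    too_late = rules + [Rule(200, "deny", "-1", "0.0.0.0/0")]
    still_allowed = evaluate(too_late, "tcp", "203.0.113.5", 443)  # ("allow", 100)

    contained = add_containment_deny(rules)
    after = evaluate(contained, "tcp", "203.0.113.5", 443)        # ("deny", 90)
    return before, still_allowed, after


if __name__ == "__main__":
    print(demo())
```

Run it and the second result is the one to remember: the exfiltration channel over 443 stays open until the deny is placed at a lower rule number than the allow.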
- (Topic 2)
A systems administrator is working in a globally distributed cloud environment. After a file server VM was moved to another region, all users began reporting slowness when saving files. Which of the following is the FIRST thing the administrator should check while troubleshooting?
Correct Answer:
A
Network latency is the first thing the administrator should check. Latency is the time it takes for data to travel between two points on a network, and it depends on distance, bandwidth, congestion and the number of hops along the path. Moving the file server VM to another region lengthens the path between the users and the server, so every round trip takes longer. File saves are particularly sensitive to this because file-sharing protocols need several round trips per operation, so a small per-packet delay turns into a slowdown that every user notices.
- (Topic 4)
A cloud administrator must ensure all servers are in compliance with the company's security policy. Which of the following should the administrator check FIRST?
Correct Answer:
C
Hardened baselines are a set of security best practices that reduce a system's attack surface and therefore its exposure to exploits. They are also known as security configurations or benchmarks, and they define a standard level of hardening for an organization's systems.
Checking the servers against the hardened baseline is the first step a cloud administrator should take to verify compliance with the company's security policy, because a baseline:
Removes or mitigates common misconfigurations and known vulnerabilities (CVEs) that attackers exploit.
Removes unnecessary or unused services, accounts, software and open ports that enlarge the attack surface.
Applies consistent settings and controls for encryption, authentication, authorization, firewalling and logging.
Simplifies audits and testing by reducing complexity and providing a reliable benchmark to compare against.
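"Check the baseline first" in practice means diffing each server's effective configuration against the required values. The script below is an added example, not part of the exam material or any published benchmark: it takes a constructed sshd_config, assumes an illustrative baseline for five sshd keywords, and reports every keyword whose effective value differs from the baseline. Two details matter for a correct check: sshd uses the first value it sees for a keyword, so a later "fix" appended to the file does nothing, and a keyword that is absent is not compliant by default but takes the OpenSSH default value, which must be compared too.

```python
"""Check an sshd configuration against a hardened baseline. Constructed
example for the compliance question above; the baseline values are
illustrative, not a published CIS or vendor benchmark."""

# Hardened baseline: keyword -> required value (assumed policy, not vendor text).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "LogLevel": "VERBOSE",
}

# Effective value when the keyword is absent (OpenSSH defaults for these keywords).
SSHD_DEFAULTS = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "6",
    "LogLevel": "INFO",
}

# Constructed sample /etc/ssh/sshd_config, not from a real host.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 4
LogLevel INFO
PermitRootLogin no          # ignored: sshd uses the first value it sees
Match User backup
    PasswordAuthentication yes
"""


def parse_sshd_config(text: str) -> dict:
    """Return {keyword_lower: value}. Like sshd, the first value seen for a
    keyword wins; comments and blank lines are skipped, and parsing stops at
    the first 'Match' block because those settings are conditional."""
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        config.setdefault(keyword, value)     # first occurrence wins
    return config


def check_baseline(config: dict, baseline: dict = BASELINE, defaults: dict = SSHD_DEFAULTS):
    """Return a list of (keyword, required, effective) for every deviation.
    Keywords missing from the file are judged by their default value."""
    findings = []
    for keyword, required in baseline.items():
        effective = config.get(keyword.lower(), defaults.get(keyword))
        if effective is None or effective.lower() != required.lower():
            findings.append((keyword, required, effective))
    return findings


def demo():
    return check_baseline(parse_sshd_config(SAMPLE_SSHD_CONFIG))


if __name__ == "__main__":
    for keyword, required, effective in demo():
        print(f"NON-COMPLIANT {keyword}: required {required!r}, effective {effective!r}")
```

On the constructed sample this flags PermitRootLogin (the first, permissive value is the one that counts) and LogLevel, while X11Forwarding passes through its default. The same pattern extends to any key/value configuration: parse the effective state, merge in defaults, compare against the baseline.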
- (Topic 4)
A cloud administrator has received a physical disk that was analyzed by the incident response team. Which of the following documents should the cloud administrator update?
Correct Answer:
A
A. Chain of custody
A chain of custody is a document that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence. It is essential to the integrity and admissibility of evidence in legal proceedings. A cloud administrator who receives a physical disk that was analyzed by the incident response team should update the chain of custody to document when, how, and by whom the disk was handled, and what actions were performed on it.
An incident taxonomy is a classification system that provides additional information about an incident, such as its nature, impact, intent, root cause, and the data exposed. It is useful for identifying trends and patterns, but it does not track the movement or handling of evidence.
A risk register is a document that identifies, records, and assesses potential risks to a project or an organization. It helps to prioritize and mitigate risks and to develop contingency plans, but it is not related to the handling of a physical disk analyzed by the incident response team.
An incident playbook is a document that provides prescriptive steps and guidance for responding to and resolving incidents. It standardizes the response process and reduces human error, but it does not record the details or outcomes of the response actions taken.
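A chain-of-custody record is only useful if a later reader can trust that nothing was inserted, removed or rewritten. The code below is an added example, not part of the exam material: it keeps the custody log as an append-only list in which each entry commits to the hash of the previous entry (the first entry commits to the hash of the evidence itself), so any retroactive edit breaks verification from that point on. The evidence bytes, names, timestamps and evidence identifier are constructed.

```python
"""Hash-chained chain-of-custody log for a piece of evidence. Constructed
example for the question above; the evidence bytes, names, timestamps and
evidence identifier are made up."""
import copy
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only record of who handled the evidence, when, and what they did.
    Each entry commits to the previous entry's hash (the first to the hash of
    the evidence), so inserting, removing or altering an entry is detectable."""

    def __init__(self, evidence_id: str, evidence_hash: str):
        self.evidence_id = evidence_id
        self.evidence_hash = evidence_hash
        self.entries = []

    @staticmethod
    def _entry_hash(body: dict) -> str:
        # Canonical JSON so the hash does not depend on key order.
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def record(self, when: str, actor: str, action: str, note: str = "") -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.evidence_hash
        body = {"seq": len(self.entries), "when": when, "actor": actor,
                "action": action, "note": note, "prev_hash": prev}
        body["entry_hash"] = self._entry_hash(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        """Recompute the chain from the evidence hash; False on any break."""
        prev = self.evidence_hash
        for seq, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["seq"] != seq or entry["prev_hash"] != prev:
                return False
            if self._entry_hash(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def build_demo_log() -> CustodyLog:
    disk_image = b"constructed disk image bytes, not real evidence"
    log = CustodyLog("DISK-0042", sha256_hex(disk_image))
    log.record("2024-03-01T09:00Z", "IR analyst", "imaged and hashed disk")
    log.record("2024-03-01T17:30Z", "IR analyst", "transferred to cloud admin", note="sealed bag #17")
    log.record("2024-03-02T08:15Z", "cloud admin", "received", note="seal intact")
    return log


def tampered_copy(log: CustodyLog) -> CustodyLog:
    """Retroactively change who handled the disk on the second transfer."""
    bad = copy.deepcopy(log)
    bad.entries[1]["actor"] = "someone else"
    return bad


if __name__ == "__main__":
    log = build_demo_log()
    print("original verifies:", log.verify())
    print("tampered verifies:", tampered_copy(log).verify())
```

The chain detects alteration of an existing record, not wholesale regeneration by whoever holds the log, so in practice each entry is also signed by the handler or the log is periodically copied to a second custodian.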
- (Topic 2)
A systems administrator is deploying a VM and would like to minimize storage utilization by ensuring the VM uses only the storage it needs. Which of the following will BEST achieve this goal?
Correct Answer:
D
Reference: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-4C0F4D73-82F2-4B81-8AA7-1DD752A8A5AC.html
Thin provisioning is the technique that will minimize storage utilization by ensuring the VM uses only the storage it needs. Thin provisioning is a storage allocation method that assigns disk space to a VM on demand, rather than in advance. Thin provisioning can improve storage utilization and efficiency by avoiding overprovisioning and wasting disk space. Thin provisioning can also allow for more flexibility and scalability of storage resources.
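The "allocate on demand" behaviour is easy to see at the file level, because a sparse file is exactly how many hypervisors back a thin-provisioned disk. The script below is an added example, not part of the exam material or VMware's documentation: it assumes a POSIX filesystem with sparse-file support (Linux or macOS, since it reads st_blocks), creates a backing file with a 512 MiB apparent size, writes two 1 MiB regions into it, and reports apparent size against blocks actually allocated.

```python
"""Thin provisioning at the file level: a sparse backing file gets its full
apparent size up front, but the filesystem allocates blocks only where data
is actually written. Constructed example for the question above; assumes a
POSIX filesystem that supports sparse files (Linux/macOS)."""
import os
import tempfile

MiB = 1024 * 1024


def create_thin_disk(path: str, size_bytes: int) -> None:
    """Create a backing file of the requested *apparent* size without
    allocating blocks for it: the thin-provisioned disk."""
    with open(path, "wb") as f:
        f.truncate(size_bytes)


def write_guest_data(path: str, offset: int, data: bytes) -> None:
    """Simulate the guest writing to its disk: only these blocks get allocated."""
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(data)
        f.flush()
        os.fsync(f.fileno())   # force delayed allocation so st_blocks is current


def disk_usage(path: str):
    """Return (apparent_size, allocated_bytes), the two numbers a storage
    view shows for a thin disk. st_blocks is always in 512-byte units."""
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        disk = os.path.join(tmp, "vm-disk.img")
        create_thin_disk(disk, 512 * MiB)
        empty = disk_usage(disk)
        write_guest_data(disk, 0, b"\xa5" * MiB)            # start of the disk
        write_guest_data(disk, 256 * MiB, b"\x5a" * MiB)    # somewhere in the middle
        used = disk_usage(disk)
    return empty, used


if __name__ == "__main__":
    (apparent0, alloc0), (apparent1, alloc1) = demo()
    print(f"after create: apparent {apparent0 // MiB} MiB, allocated {alloc0 // MiB} MiB")
    print(f"after writes: apparent {apparent1 // MiB} MiB, allocated {alloc1 // MiB} MiB")
```

The apparent size stays at 512 MiB throughout while the allocated size grows only with the data written. The flip side is the reason thin provisioning needs monitoring: the sum of the apparent sizes of all thin disks can exceed the physical capacity of the datastore, and the VMs will fail when the datastore fills, so actual allocation must be tracked rather than provisioned size.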